Recursive look-ups question. (High loads/bfd)

Discussion in 'General Discussion' started by azz, Nov 26, 2006.

  1. azz

    My server loads are shooting through the roof, and I think it is because of hundreds of these:

    I have done lots of searches here and my named.conf already has:



    What I have noticed now twice is that the server loads go up and up and up, and then BFD kicks in and then they start to go down... could it be some kind of DoS attack or similar? The loads hit around 40/50.

    Additionally my sites report an error once a day or so, saying they have lost connection to mysql, or mysql server has gone away. Could these all be connected? I have recompiled apache with the latest php and mysql, and updated cpanel software etc, but this is still happening... :-(

    Any help greatly appreciated.
     
  2. AndyReed

    It is very difficult to say if your server is under attack and, if yes, what kind of attack. To understand attack techniques, go to: http://www.servertune.com/kbase/security/attacks.html
    You also need to make sure that you don't have a "runaway script" which can continuously loop, dragging down your server's resources. Type this command at the prompt to see the processes running when load is high:
    ps auxfww |more
     
  3. azz

    Hi Andy, thanks for the link.

    While it tells you about the different kinds of attacks, it doesn't really say anything on how you can identify them...?

    Does BFD keep a log? Do you know the command I need to access it? Maybe it will have some clues?

    Regarding the recursive look-ups, as the settings in my named.conf essentially have disabled them, why do they still show in my log file? (as quoted in my post above). I'm just wondering, could the logging itself be causing the loads to go up? And why are there so many requests in the same 'second'? Is that normal?

    Thanks for your help.
     
    #3 azz, Nov 27, 2006
    Last edited: Nov 27, 2006
  4. AndyReed

    BFD log file can be found at: /var/log/bfd_log

    It's perfectly normal to have 'spikes' in your Server Load. Peak visitor times, log processing, database backup scripts, automated cron jobs - all can cause 'spikes' in your server load. It's when the server load is constantly above 5.00 - that's the time to start digging for clues. Having said that and within the context of the information you provided, it is really hard to say what is the real cause of server high load without looking into the server. Hope this helps!
     
  5. azz

    Hi Andy - thanks for your help.

    If I get to the bottom of it (or need further help!) I'll post an update :)

    The server loads rarely hit 1 - it's just been the odd time they've been shooting up to the 50's and both times I've seen it happen, I've seen BFD show up in top stats and immediately the loads start to go down - which is what makes me think it's some form of attack..
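
Added example, not part of the original thread: one way to look into the question in post #3 about many requests in the same second is to count denied recursive queries per client and per second. It assumes BIND 9 syslog-style `query (cache) ... denied` lines; the sample lines, addresses and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise BIND "recursion denied" log lines.

# Constructed sample lines (documentation addresses), BIND 9 syslog form.
# Some BIND 9 versions log no quoted query name, as in the third line.
sample_log() {
cat <<'EOF'
Nov 26 14:02:11 host named[2210]: client 203.0.113.5#32768: query (cache) 'example.com/A/IN' denied
Nov 26 14:02:11 host named[2210]: client 203.0.113.5#32769: query (cache) 'example.net/A/IN' denied
Nov 26 14:02:11 host named[2210]: client 198.51.100.7#1044: query (cache) denied
Nov 26 14:02:12 host named[2210]: client 203.0.113.5#32770: query (cache) 'example.org/MX/IN' denied
Nov 26 14:02:12 host named[2210]: client 192.0.2.10#5353: query: example.com IN A +
EOF
}

# Print "count ip" for every client whose recursive query was denied,
# busiest client first. Reads the log on stdin.
denied_by_client() {
  awk '/named\[[0-9]+\]: client / && /query \(cache\)/ && / denied/ {
         for (i = 1; i < NF; i++)
           if ($i == "client") { ip = $(i + 1); sub(/#.*/, "", ip); n[ip]++; break }
       }
       END { for (ip in n) print n[ip], ip }' | sort -k1,1nr -k2,2
}

# Print "count Mon DD HH:MM:SS" for the single second with the most denials.
busiest_second() {
  awk '/query \(cache\)/ && / denied/ { n[$1 " " $2 " " $3]++ }
       END { for (t in n) print n[t], t }' | sort -k1,1nr -k2 | head -n 1
}

# Demo on the constructed sample.
sample_log | denied_by_client
sample_log | busiest_second
```

On a live server, feed the functions the file named logs to, for example `denied_by_client < /var/log/messages` (the path is an assumption). A few addresses accounting for most denials in one second suggests a flood rather than normal resolver traffic.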
     